0

My understanding is that SendMail leverages OpenSSL for STARTTLS functionality (among other things). Does this link dynamically against whatever version of OpenSSL I have installed? Or does sendmail use/maintain its own "copy" of openssl?

I ask this because there are advanced sendmail parameters like O CipherList=HIGH which reference openssl categories that are subject to change over time. For example, what OpenSSL considers a strong/high cipher could be different from what it considers strong later.

Mike B
  • 11,871
  • 42
  • 107
  • 168

1 Answers1

1

It dynamically links to the version of openssl you have installed

# ldd `which sendmail` | grep ssl
libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f1ffec11000)
libssl3.so => /usr/lib64/libssl3.so (0x00007f1ffdab5000)

If you were to say install a source version over the rpm version and it didn't install those two libraries sendmail would not work since it can't find those libraries.

So you just keep openssl updated to what redhat releases and you are ok as long as the distro isn't at end of life.

Mike
  • 22,310
  • 7
  • 56
  • 79